Biblio

Filters: Author is Zincir-Heywood, A. Nur
2019-05-08
Le, Duc C., Khanchi, Sara, Zincir-Heywood, A. Nur, Heywood, Malcolm I.  2018.  Benchmarking Evolutionary Computation Approaches to Insider Threat Detection. Proceedings of the Genetic and Evolutionary Computation Conference. :1286–1293.
Insider threat detection represents a challenging problem to companies and organizations where malicious actions are performed by authorized users. This is a highly skewed data problem, where the huge class imbalance makes the adaptation of learning algorithms to the real world context very difficult. In this work, applications of genetic programming (GP) and stream active learning are evaluated for insider threat detection. Linear GP with lexicase/multi-objective selection is employed to address the problem under a stationary data assumption. Moreover, streaming GP is employed to address the problem under a non-stationary data assumption. Experiments conducted on a publicly available corporate data set show the capability of the approaches in dealing with extreme class imbalance, stream learning and adaptation to the real world context.
2019-04-05
Khanchi, Sara, Vahdat, Ali, Heywood, Malcolm I., Zincir-Heywood, A. Nur.  2018.  On Botnet Detection with Genetic Programming under Streaming Data, Label Budgets and Class Imbalance. :21–22.

Botnets represent a widely deployed framework for remotely infecting and controlling hundreds of networked computing devices for malicious ends. Traditionally, detection of Botnets from network data using machine learning approaches is framed as an offline, supervised learning activity. However, in practice both normal behaviours and Botnet behaviours represent non-stationary processes in which there are continuous developments to both as new services/applications and malicious behaviours appear. This work formulates the task of Botnet detection as a streaming data task in which finite label budgets, class imbalance and incremental/online learning predominate. We demonstrate that effective Botnet detection is possible for label budgets as low as 0.5% when an active learning approach is adopted for genetic programming (GP) streaming data analysis. The full article appears as S. Khanchi et al. (2018), "On Botnet Detection with Genetic Programming under Streaming Data, Label Budgets and Class Imbalance", in Swarm and Evolutionary Computation, 39:139–140. https://doi.org/10.1016/j.swevo.2017.09.008